Murphy discusses role on NERC supply chain cybersecurity standards team

January 25, 2018 /
615 views

Intense but rewarding.

That’s how JoAnn Murphy, PJM manager – Procurement, described her recent role as the vice chair of the North American Electric Reliability Corporation team that developed new mandatory reliability standards to enhance supply chain cybersecurity risk management protections (see box).

The standards augment current critical infrastructure protection standards to alleviate cybersecurity risks associated with the supply chain for grid-related cyber systems. This covers control system hardware, software, and computing and networking services. It protects information technology systems, software and networks from risks such as malware or data theft.

The team spent countless hours over 15 months navigating an aggressive timeline to bring forth the proposed standards.

“As we developed the draft and subsequent revisions, there was a lot of industry outreach and webinars,” she said, “as well as presentations to various regional entities and compliance organizations. That outreach was critical to the success.

“Our goal was to draft a standard that would move the industry forward, but was not too prescriptive. It had to be flexible enough to allow for conti

nuous improvement in an evolving industry.”

When NERC announced the nomination period for the drafting team, Murphy said she was interested in participating – but as an observer, not necessarily as a team member.

Tom O’Brien, PJM senior vice president and chief information officer, recommended that Murphy apply. She was selected for the drafting team in September 2016 and appointed vice chair.

Murphy brought the ISO/RTO perspective. Committee members’ work experience took in a number of functions – compliance, information technology, procurement – which gave the team the scope it needed.

“We had a really good mix of expertise and perspectives,” said Murphy, “representing various companies and sectors.”

Murphy’s work complemented that of Tom Foster, PJM manager – CIP Compliance, who is part of the ongoing NERC Modifications to CIP Standards drafting team. One aspect that made this different was the scope of the standard.

“This one is a little different from the other NERC CIP standards, which tend to be more prescriptive,” said Murphy. “It is intended to be forward-looking and risk-based. Each responsible entity needs to develop a plan to address the issues and then implement its own plan.”

Andy Ott, PJM president and CEO, said Murphy’s work was “a great example of PJM demonstrating its leadership in the industry and ongoing commitment to PJM’s culture of compliance, security and reliability.”

He also noted that there is still work to do, but this is a significant step forward for the electric industry.

City Spotlight

Tips & Tools

Subscribe

Want to subscribe to Inside Lines?

PJM Inside Lines is the official source for company news. The news site is updated regularly as developments occur, such as rulings by or filings with the Federal Energy Regulatory Commission, stakeholder actions and market or operations changes. Subscribe to Inside Lines updates on pjm.com at My Email Lists, under Communications.